On Fri, 29 Apr 2016, Ben .T.George wrote:
I have working setup of one AD, one IPA server and one client server. by
default i can login to client server by using AD username.
i want to apply HBAC rules against this client server. For that i have done
1. created External group in IPA erver
2. created local POSIX group n IPA server
3. Added AD group to external group
4. added POSIX group to external group.
You should have added external group to POSIX group, not the other way
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project